Posted on December 13, 2022 at 7:26 PM
Uber recently shared that it suffered a new data breach, and that the threat actor behind the incident managed to steal some data, which they already started leaking on the internet. Uber admitted that the online criminal managed to steal and leak employee email addresses, IT asset information, as well as corporate reports.
However, according to the company, the data was not stolen directly from it, but from a third-party vendor known as Teqtivity.
As mentioned, the hacker did not waste any time. They started leaking data that they claimed was stolen from both Uber and Uber Eats on Saturday morning, using the name UberLeaks. The data was released on a public hacking forum which has a long history of being used for leaking data stolen in hacking attacks.
The leak appears to consist of a number of different archives, some of which allegedly even contain source code associated with Uber’s and Uber Eats’ mobile device management platforms. The hacker decided to split the data into four separate topics: Uber MDM, Uber Eats MDM, TripActions MDM, and Teqtivity MDM.
It is believed that the entity behind the attack might be a hacking group known as Lapsus$, as each post refers to one of its members. The same group was already confirmed as an entity responsible for a number of high-profile hits, including another attack on Uber that took place earlier this year, in September. Back then, the attackers managed to access the company’s internal network and Slack server.
The newly leaked data, however, seemingly consists of more than just source code. It also includes IT asset management reports, Windows domain login names, email addresses, data destruction reports, and more data connected to Uber and its operations. One document holds information belonging to more than 77,000 Uber employees. It includes their email addresses, as well as Windows Active Directory information.
Initially, researchers who looked into the matter believed that this data was stolen during the September breach. However, Uber itself admitted that it believes that the leaked data belongs to a third-party vendor that Uber is working with, specifically Teqtivity. As such, the data is unrelated to the security incident in September. Uber also added that it inspected some of the leaked code and that it can confirm that the code is not its property. Even so, the company will continue to look into the incident.
Other researchers who have collected the leaked data for analysis have stated that it appears to be tied to internal Uber corporate information. As such, it contains no sensitive data involving the company’s customers, so at least the firm’s users are safe from direct harm. However, the leaked data also contains enough details to start conducting phishing attacks targeting Uber employees.
If even one such attack ends up being successful, the attackers could acquire some of the more sensitive information, including login credentials. With that in mind, researchers are urging Uber employees to be on the lookout for any suspicious email which might be impersonating the company’s IT support team. All emails that seem unusual in any way should be confirmed directly with the admins of the company’s IT department, especially those that request any kind of login information or other sensitive data.
Teqtivity, the vendor that was breached by online criminals, is a company that Uber uses for asset management and tracking services. According to the vendor, online criminals managed to gain access to its backup server, which stored data for the company’s own customers. As a result, threat actors managed to obtain information belonging to the company’s users, including device information and user information.
Device information includes details like technical specs, make, model, serial number, and the like. Meanwhile, the stolen user information includes data such as first and last name, work email address, and work location details.
Apart from that, Uber pointed out that the leaked source code was actually created by Teqtivity, and it is used for managing Uber’s services. That is why there are many references to Uber, while the code itself does not belong to Uber.